Programmable logic devices that store their configuration data in static random access memory (“SRAM”) storage have the advantage of being smaller and faster than the devices based on erasable programmable read-only memory (“EPROM”) technology. However, SRAM storage is volatile; it does not retain its contents when power is lost. Therefore, programmable logic devices based on SRAM technology are used with nonvolatile storage to retain the configuration programming data, including vendor-provided proprietary configuration data for various commonly-used functions (frequently referred to as “intellectual property cores”), during times that the device is switched off or otherwise not provided with power. Such nonvolatile storage may be provided, for example, in the form of Flash memory, although any form of nonvolatile storage may be used, and it may be either on, or separate from, the device.
Unfortunately, an authorized user may nonetheless access the sensitive information by circumventing the security features.
Earlier systems addressed this concern by implementing various security measures, such as encryption algorithms. Commonly-assigned U.S. Pat. Nos. 5,768,372 and 5,915,017, each of which is hereby incorporated by reference herein in its respective entirety, describe the encryption of the configuration data stored in the nonvolatile storage and its decryption upon loading into the programmable device. However, some encryption keys can be deciphered by bombarding the device with false configuration data and analyzing the device's response to the false data. It is particularly difficult to secure against this type of attack because it is performed before the device enters the user-mode, where many security algorithms are implemented.